Skip to content

    Section 21 abolished 1 May 2026. Check what this means for you.13 days to go Read the guide →

    PropertyKiln

    GDPR Quick Reference

    Key UK GDPR obligations for landlords processing tenant and applicant data.

    ICO Registration Fee

    £40/year for most landlords (Tier 1). Required if you process tenant data digitally. Penalty for non-registration up to £4,350.

    Lawful Basis

    For tenant records: Contract (referencing/management) or Legal Obligation (Right to Rent, deposit). For marketing: Consent (opt-in only).

    Privacy Notice

    Must tell tenants what data you collect, why, how long you keep it and their rights. Include in tenancy agreement and on website.

    Data Retention

    Tenancy records: keep for 6 years after end of tenancy (limitation period). Right to Rent docs: 1 year after tenancy ends.

    Tenant Rights

    Access (see their data), Rectification (correct it), Erasure (delete it), Portability (copy in usable format).

    Subject Access Request

    Tenant asks for their data — you must respond within 1 month, free of charge.

    Data Breach

    If tenant data is stolen/lost: report to ICO within 72 hours where it presents a risk to the individual.

    Third Parties

    Letting agents, referencing companies, deposit schemes are 'data processors' — have a written agreement (DPA) in place.

    Key numbers

    ICO fee (Tier 1)
    SAR response
    Breach report

    Source: ICO SME hub. UK GDPR + Data Protection Act 2018.

    PropertyKiln uses essential cookies to run the site and optional analytics cookies (Plausible) to see which guides help. No ad-tracking, no resale, no creepy stuff. You can change your mind anytime on our cookies page.